Purple-Devs / health_check

Simple health check of Rails app for use with uptime checking sites like newrelic and pingdom
MIT License

Use `remote_ip` to accept proxy-forwarded requests #102

Closed alessio-signorini closed 3 years ago

alessio-signorini commented 4 years ago

If the service where this gem is installed is behind a proxy (e.g., Heroku router, Cloudflare), the `request.ip` will be that of the proxy instead of the origin.

Good proxies (e.g., nginx) add the appropriate forwarding headers to the request to report the origin IP. Rails has the built-in `request.remote_ip` method, which appropriately parses the header (if present) to extract the origin IP.

Applying this small change will make the gem work out-of-the-box even in case of proxies.

I think it is the right thing to do but technically it also allows IP spoofing.

alessio-signorini commented 4 years ago

@ianheggie - testing this gem is too complex for the time I have available right now. An alternative solution would be to add an `accept_proxied_requests` configuration option, which is true by default but, if false, would use `request.ip` instead of `request.remote_ip`.

ianheggie commented 3 years ago

Thanks for the PR, I added the change with a configuration flag.
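The trade-off raised in this thread (honouring forwarding headers versus the spoofing caveat), shown as an added example that is not code from the gem or from Rails: a simplified model of resolving the origin IP behind a trusted proxy, compared with naively believing the header. The trusted proxy range, the allowlist and every address are constructed for illustration, and the helper names are hypothetical.

```ruby
require "ipaddr"

# Constructed values from documentation address ranges; none come from the PR.
TRUSTED_PROXIES = [IPAddr.new("192.0.2.0/24")].freeze  # proxies we operate (assumed)
ALLOWLIST       = [IPAddr.new("198.51.100.1")].freeze  # monitoring host (assumed)

# Split an X-Forwarded-For value and keep only entries that parse as IPs.
def parse_ips(header)
  header.to_s.split(",").map(&:strip).reject(&:empty?).select do |entry|
    IPAddr.new(entry) rescue false
  end
end

def trusted_proxy?(ip)
  TRUSTED_PROXIES.any? { |net| net.include?(IPAddr.new(ip)) }
end

# Proxy-aware resolution: start at the socket peer, then walk the header from
# the hop nearest to us, and stop at the first address that is not our proxy.
def resolved_client_ip(remote_addr, x_forwarded_for)
  hops = [remote_addr] + parse_ips(x_forwarded_for).reverse
  hops.find { |ip| !trusted_proxy?(ip) } || remote_addr
end

# For contrast: believing the left-most entry, which the client fully controls.
def leftmost_forwarded_ip(remote_addr, x_forwarded_for)
  parse_ips(x_forwarded_for).first || remote_addr
end

def allowed?(ip)
  ALLOWLIST.any? { |net| net.include?(IPAddr.new(ip)) }
end

# [label, socket peer, X-Forwarded-For as received by the app]
SCENARIOS = [
  ["monitor via proxy",       "192.0.2.10",  "198.51.100.1"],
  ["forged header via proxy", "192.0.2.10",  "198.51.100.1, 203.0.113.7"],
  ["forged header, no proxy", "203.0.113.7", "198.51.100.1"],
].freeze

SCENARIOS.each do |label, peer, xff|
  safe  = resolved_client_ip(peer, xff)
  naive = leftmost_forwarded_ip(peer, xff)
  puts format("%-24s resolved=%-13s allowed=%-5s | leftmost=%-13s allowed=%s",
              label, safe, allowed?(safe), naive, allowed?(naive))
end
```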